[Bps-public-commit] rt-extension-formtools branch form-home-icon-upload updated. 0.53-26-g366ff53

BPS Git Server git at git.bestpractical.com
Tue Sep 26 21:16:04 UTC 2023


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt-extension-formtools".

The branch, form-home-icon-upload has been updated
       via  366ff53873c5a90d1617b802ed0d52c80915f2b6 (commit)
       via  7bdb20a3ab4b724e7027f0dc4ebedb60b5ff0e78 (commit)
       via  e82b385f37d5b5885fe3dbb347d843bdc235797a (commit)
      from  143c3aaf1c889c6fb7c13f8e6f69afe962879004 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 366ff53873c5a90d1617b802ed0d52c80915f2b6
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Sep 26 17:11:36 2023 -0400

    Customize RTs Abort to prevent permission errors from CreateTicket
    
    By default, CreateTicket calls Abort at the end if the current
    user doesn't have ShowTicket. In FormTools, we aren't showing
    the ticket at the end, we're showing the last configured form
    page. Since end users are using a form wizard to create one
    or more tickets, it's possible they don't have rights to directly
    see the newly created ticket, especially in Self Service.
    
    Add an exception to Abort so we can get the ticket object if
    the create was successful, even if the current user can't
    see the ticket.

diff --git a/html/Forms/dhandler b/html/Forms/dhandler
index c49a320..d8272ea 100644
--- a/html/Forms/dhandler
+++ b/html/Forms/dhandler
@@ -92,7 +92,16 @@ $base_path = '/SelfService' . $base_path if $SelfService;
 
 my ($ticket_obj, @results);
 if ( $create_ticket ) {
-    ($ticket_obj, @results) = CreateTicket(
+
+    # We override Abort elsewhere so we'll get $ticket_obj here even if
+    # the current user has no rights to see the newly created ticket.
+
+    # We deliberately don't pass along @results because the work
+    # behind the scenes is "magic" and we don't want the form user to
+    # see any details, like ticket ids or queues, if they are not supposed
+    # to see them.
+
+    ($ticket_obj) = CreateTicket(
         Subject => 'Ticket created from FormTools form ' . $form_name,
         Queue   => $queue_obj->Id,
         Status => 'new',
diff --git a/lib/RT/Interface/Web_Vendor.pm b/lib/RT/Interface/Web_Vendor.pm
new file mode 100644
index 0000000..0ac5710
--- /dev/null
+++ b/lib/RT/Interface/Web_Vendor.pm
@@ -0,0 +1,26 @@
+package HTML::Mason::Commands;
+
+no warnings qw(redefine);
+
+# This should be the same class we are overlaying here
+my $original_abort = \&HTML::Mason::Commands::Abort;
+
+sub Abort {
+    my $why = shift;
+    my %args = @_;
+
+    if ( $why =~ /^No permission to view newly created ticket #(\d+)/ ) {
+        # We're showing a custom "form submitted" page, not the ticket,
+        # so we don't want to abort if the user doesn't have rights to
+        # see the ticket.
+
+        # Just return for this case so the create ticket form can get
+        # the ticket object and any actual error messages.
+
+        return;
+    }
+
+    &$original_abort( $why, %args );
+}
+
+1;

commit 7bdb20a3ab4b724e7027f0dc4ebedb60b5ff0e78
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Sep 26 17:08:40 2023 -0400

    Build the correct path to render forms in SelfService

diff --git a/html/Forms/dhandler b/html/Forms/dhandler
index 790aece..c49a320 100644
--- a/html/Forms/dhandler
+++ b/html/Forms/dhandler
@@ -1,6 +1,6 @@
-<&|/FormTools/Form, next => '/Forms/' . $form_name . '/' . $form_config->{'formtools-pages'}{$page}{'next'},
+<&|/FormTools/Form, next => $base_path . $form_name . '/' . $form_config->{'formtools-pages'}{$page}{'next'},
     validation => $form_config->{'formtools-pages'}{$page}{'validation'},
-    next_for_validation => '/Forms/' . $form_name . '/' . $page,
+    next_for_validation => $base_path . $form_name . '/' . $page,
     results_ref => \@results,
 &>
 
@@ -83,6 +83,9 @@ unless ( $ok ) {
 $m->notes( queue => $queue_obj );
 $m->notes( page_title => $form_config->{'formtools-pages'}{$page}{'name'} );
 
+my $base_path = '/Forms/';
+$base_path = '/SelfService' . $base_path if $SelfService;
+
 # Try to create a ticket if we're on the last page and
 # "create_ticket" is submitted as an arg from the second-to-last
 # page.
@@ -102,4 +105,5 @@ if ( $create_ticket ) {
 <%args>
 $_form_tools_next => undef
 $create_ticket => undef
+$SelfService => 0
 </%args>
diff --git a/html/SelfService/Forms/dhandler b/html/SelfService/Forms/dhandler
index 62e18bf..a2aad9f 100644
--- a/html/SelfService/Forms/dhandler
+++ b/html/SelfService/Forms/dhandler
@@ -1,2 +1,2 @@
 % # Shim for SelfService to run the Forms page
-% $m->comp('/Forms/dhandler', %ARGS);
+% $m->comp('/Forms/dhandler', SelfService => 1, %ARGS);

commit e82b385f37d5b5885fe3dbb347d843bdc235797a
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Tue Sep 26 17:05:47 2023 -0400

    Don't die if a custom field can't be loaded
    
    The most common case is the end user doesn't have
    rights to see the CF, and this shouldn't cause a
    server error for the entire form. Leave an error message
    in the logs for the admin and return.

diff --git a/html/FormTools/Field b/html/FormTools/Field
index ca20a17..5ffd333 100644
--- a/html/FormTools/Field
+++ b/html/FormTools/Field
@@ -53,7 +53,8 @@ if ( RT::Extension::FormTools::is_core_field($name) ) {
     unless ( $cf->id ) {
         my $msg = "Could not find a custom field called $name";
         $msg .= " for the queue ".$queue->Name if (defined $queue);
-        die $msg;
+        RT->Logger->error('Could not load custom field:' . $msg);
+        return;
     }
 
     $m->notes( cfs_on_page => [ @{$m->notes('cfs_on_page')||[]}, $cf->id ] );
@@ -250,7 +251,8 @@ $default = '' unless defined $default;
 % }
 
 % } else {
-% die "'$render_as' isn't a valid rendering option for field '$name'";
+% RT->Logger->error("'$render_as' isn't a valid rendering option for field '$name'");
+% return;
 %}
 
 % }

-----------------------------------------------------------------------

Summary of changes:
 html/FormTools/Field            |  6 ++++--
 html/Forms/dhandler             | 19 ++++++++++++++++---
 html/SelfService/Forms/dhandler |  2 +-
 lib/RT/Interface/Web_Vendor.pm  | 26 ++++++++++++++++++++++++++
 4 files changed, 47 insertions(+), 6 deletions(-)
 create mode 100644 lib/RT/Interface/Web_Vendor.pm


hooks/post-receive
-- 
rt-extension-formtools


More information about the Bps-public-commit mailing list